如何使用cookie创建一个登录php页面?

时间:2014-01-11 13:32:49

标签: php mysql database cookies login

我想创建一个带登录的管理页面,如果用户已登录并且他在我的数据库中是管理员,则必须显示内容,如果不是管理员,则会显示内容但没有某些权限。如果用户和密码与任何用户和密码表单数据库不匹配,则必须出现消息错误。

这是我的HTML代码:

<form action="admin.php" method="post">
<table>
    <tr><td>
        <label>User:&nbsp&nbsp&nbsp</label> </td> <td><input type="text" class="text" name="user"/> <span></span>
    </td></tr>
    <tr><td>
        <label>Password:</label> </td> <td> <input type="password" class="text" name="pass"/> <span></span>
    </td></tr>
    <tr ><td colspan="2">
    <p align=center><input type="submit" class="submit" value="Log In" /> </p>
    </td></tr>

这是我的PHP代码:

<?php
require_once('config.php');
        $user = $_POST['user'] ;
        $pass = $_POST['pass'] ;
        $sql='SELECT * FROM users';
        $result = mysql_query($sql);
        $row = mysql_fetch_array($result);
?>

我的表是:

 |ID_user| user |password|is_admin|
 |   1   |admin | admin  |    1   |

谢谢!

2 个答案:

答案 0 :(得分:3)

我做到了!答案是:

admin.php的

<div id="content">
    <div id="main_r">';
    require_once('config.php');
    if (isset($_GET['err'])){
         $err=$_GET['err'];
    if($err==1)
         echo'<h4>Pls insert user and pass!</h4>';
    else if ($err==2)
         echo'<h4>User and pass are incorect!</h4>';
    }
    if(!isset($_COOKIE["TestCookie"]))  
         echo'
         <form action="dologin.php" method="post">
        <table>
            <tr><td>
            <label>User:&nbsp&nbsp&nbsp</label> </td> <td><input type="text" class="text" name="user"/> <span></span>
            </td></tr>
            tr><td>
            <label>Pass:</label> </td> <td> <input type="password" class="text" name="pass"/> <span></span>
            </td></tr>
            <tr ><td colspan="2">
            <p align=center><input type="submit" class="submit" value="Log In" /> </p>
            </td></tr>
        </table>';
        else{
            $curr = $_COOKIE['TestCookie'];
            $sql = "SELECT user, admin FROM useri WHERE ID_user='$curr'";
            $result = mysql_query($sql);
            $row = mysql_fetch_array($result);
            echo'<h4>Welcome '.$row['user'].'</h4>
            </div>';
        }

dologin.php 

<?php
require_once('config.php');
if (isset($_POST['user']) && isset($_POST['pass']))
{
$user = $_POST['user'] ;
$pass = $_POST['pass'] ;
$pass_hash = md5($pass);
$err = 0;

if (!empty($user) && !empty($pass))
{
    $sql="SELECT ID_user FROM useri WHERE user='$user' AND password='$pass_hash'";
    $result = mysql_query($sql);
    $row = mysql_fetch_array($result);
    if ($result)
    {
        $num_rows = mysql_num_rows($result);                
        if($num_rows==0) 
            $err=2;
        else if ($num_rows==1) 
        {
            $ID_user = $row['ID_user'];
            //echo $ID_user;
            setcookie("TestCookie",$ID_user, time()+3600);
        }
    } 
} else
    $err=1;
header("Location: http://yoursite/admin.php?err=".$err);
exit;       
}
?>

答案 1 :(得分:2)

你的SQL已经......不好。你正在使用mysql_,但现在让我们跳过它。您没有检查用户是否存在以及密码是否匹配。 

$result = mysql_query("SELECT * FROM `users` WHERE `username` = $user AND `password` = $pass");
if(mysql_num_rows($result) > 0) { //so if user exists where user = adimouse91 and pass = mouse, it'll be one
 echo 'this is content for logged in users';
}

$isAdmin = mysql_fetch_assoc($result);
if($isAdmin['is_admin'] == '1') {
 echo 'this is content for admins';
}

我没有考虑一般的密码盐和散列(你应该做的!)或会话。会话让您的生活更轻松(想象一下,如果您可以做if($_SESSION['admin'] == 1) { }!)。

相关问题
最新问题